| Commit message (Collapse) | Author | Age | Files | Lines |
|
getkey.c:get_pubkey_byname which was getting crowded.
* keyserver.c (keyserver_import_cert): Import a key found in DNS via CERT
records. Can handle both the PGP (actual key) and IPGP (URL) CERT types.
* getkey.c (get_pubkey_byname): Call them both here.
* options.h, keyserver.c (parse_keyserver_options): Add
"auto-cert-retrieve" option with optional max size argument.
|
keyserver_fetch): Set a flag to indicate that we're doing a direct URI
fetch so we can differentiate between a keyserver operation and a URI
fetch for protocols like LDAP that can do either.
|
"clean", and add "minimize".
* import.c (parse_import_options): Make help text match the export
versions of the options.
* options.h, export.c (parse_export_options, do_export_stream): Reduce
clean options to two: clean and minimize.
* trustdb.h, trustdb.c (clean_one_uid): New function that joins uid
and sig cleaning into one for a simple API outside trustdb.
|
cleaning from one convenient place.
* options.h, import.c (parse_import_options, clean_sigs_from_all_uids,
import_one): Reduce clean options to two: clean and minimize.
* parse-packet.c (setup_user_id): Remove. (parse_user_id,
parse_attribute): Just use xmalloc_clear instead.
|
import_one): Add import-minimal option. Similar to export-minimal, except
it works on the way in.
|
(signature_check2): Add --require-backsigs and --no-require-backsigs.
Currently defaults to --no-require-backsigs.
|
so that gpg can get the key from DNS. This helps with opportunistic
encryption. No integration with the trust model yet.
|
* g10.c, options.h: New option --exit-on-status-write-error.
* status.c (write_status_text): Make use of this option.
|
to enable the uid walking when signing a key with no uids specified to
sign.
* keylist.c (list_keyblock_print): Fix silly typo. Noted by Greg
Sabino Mullane.
|
* cardglue.c (open_card): Use it.
|
* export.c (parse_export_options): New option
export-reset-subkey-passwd.
(do_export_stream): Implement it.
* misc.c (get_libexecdir): New.
* keyserver.c (keyserver_spawn): Use it.
|
* g10.c, options.h: New option --no-interactive-selection.
* keyedit.c (keyedit_menu): Use it.
|
* options.h, import.c (parse_import_options, import_one): Add
import-clean-uids option to automatically compact unusable uids when
importing. Like import-clean-sigs, this may modify the local keyring.
* trustdb.c (clean_uids_from_key): Only allow selfsigs to be a
candidate for re-inclusion.
|
import_one): Add import-clean-sigs option to automatically clean a key
when importing. Note that when importing a key that is already on the
local keyring, the clean applies to the merged key - i.e. existing
superseded or invalid signatures are removed.
|
import-unusable-sigs is now a noop.
|
menu_clean_subkeys_from_key), trustdb.h, trustdb.c
(clean_subkeys_from_key): Remove subkey cleaning function. It is of
very limited usefulness since it cannot be used on any subkey that can
sign, and can only affect multiple selfsigs on encryption-only
subkeys.
|
do_export_stream): Add export-options export-clean-sigs,
export-clean-uids, export-clean-subkeys, and export-clean which is all
of the above. Export-minimal is the same except it also removes all
non-selfsigs. export-unusable-sigs is now a noop.
|
comment packets.
* export.c (do_export_stream): Don't export comment packets any
longer.
* options.h, g10.c (main): Remove --sk-comments and --no-sk-comments
options, and replace with no-op.
|
(do_generate_keypair): Use it here rather than creating and deleting a
comment packet.
* keygen.c (gen_elg, gen_dsa): Do not put public factors in secret key as
a comment.
* options.h, encode.c (encode_simple, encode_crypt), keygen.c (do_create):
Remove disabled comment packet code.
|
--default-cert-expire options. Suggested by Florian Weimer.
* main.h, keygen.c (parse_expire_string, ask_expire_interval): Use
defaults passed in, or "0" to control what default expiration is.
* keyedit.c (sign_uids), sign.c (sign_file, clearsign_file,
sign_symencrypt_file): Call them here, so that default expiration
is used when --ask-xxxxx-expire is off.
|
not there. This may happen due to typos in the translation.
|
treat 'verbose' and 'include-disabled' as special. Just pass them through
silently to the keyserver helper.
|
import-unusable-sigs flag to enable importing unusable (currently:
expired) sigs.
* options.h, export.c (parse_export_options, do_export_stream): Add
export-unusable-sigs flag to enable exporting unusable (currently:
expired) sigs.
|
from URLs and pass to keyserver helpers.
|
* passphrase.c: Don't check for __CYGWIN__, so it is treated as a
unix-like system.
* options.h, g10.c (main), textfilter.c (standard): Use new option
--rfc2440-text to determine whether to filter "<space>\t\r\n" or just
"\r\n" before canonicalizing text line endings. Default to
"<space>\t\r\n".
|
--openpgp directly to determine the end of line hashing rule.
* trustdb.c (uid_trust_string_fixed): Show uids as expired if the key is
expired.
|
(not used). (standard): 2440 says that textmode hashes should canonicalize
line endings to CRLF and remove spaces and tabs. 2440bis-12 says to just
canonicalize to CRLF. So, we default to the 2440bis-12 behavior, but
revert to the strict 2440 behavior if the user specifies --rfc2440. In
practical terms this makes no difference to any signatures in the real
world except for a textmode detached signature.
|
(parse_import_options, import_keys_internal): Make the import-options and
export-options distinct since they can be mixed together as part of
keyserver-options.
|
"export-minimal" option to disregard any sigs except selfsigs.
|
verify-option show-validity to show-uid-validity to match the similar
list-option.
* app-openpgp.c (verify_chv3): Fix typo.
|
trust since the meaning is different.
* keyedit.c (trustsig_prompt): Change the strings to match the ones in
pkclist.c:do_edit_ownertrust to make translation easier.
* trustdb.c (trust_model_string, get_validity): Add direct trust model
which applies to the key as a whole and not per-uid.
* options.h, g10.c (parse_trust_model): New. (main): Call it from here to
do string-to-trust-model.
|
issued, skip right to the CHV1/CHV2 PIN change. No need to show the
unblock or admin PIN change option. (card_edit): Add "admin" command to
add admin commands to the menu. Do not allow admin commands until "admin"
is given.
* app-openpgp.c (verify_chv3): Show a countdown of how many wrong admin
PINs can be entered before the card is locked.
* options.h, g10.c (main), app-openpgp.c (verify_chv3): Remove
--allow-admin.
|
Print a spk record for each request subpacket. (list_keyblock_colon): Call
them here.
* g10.c (parse_subpacket_list, parse_list_options): New. Make the list of
subpackets we are going to print. (main): Call them here.
|
uids are always on a line for themselves. Mark expired secret keys as
expired.
* options.h, g10.c (main): Rename list show-validity to show-uid-validity
as it only shows for uids.
* armor.c (armor_filter): Do not use padding to get us to 8 bytes of
header. Rather, use 2+4 as two different chunks. This avoids a fake
filename of "is".
|
* mainproc.c (check_sig_and_print): track whether we are retrieving a key.
* status.c (status_currently_allowed): New. (write_status_text,
write_status_text_and_buffer): Use it here.
* g10.c: New command --gpgconf-list. (gpgconf_list): New. From Werner on
stable branch.
|
Improved URI parser that keeps track of the path information and doesn't
modify the input string. (keyserver_spawn): Tell keyserver plugins about
the path.
|
keyrec, parse_keyrec, keyserver_search_prompt), keyedit.c (keyedit_menu),
g10.c (add_keyserver_url, add_policy_url): Fix some compiler warnings.
|
show. Don't allow a not-shown notation to prevent us from issuing the
proper --status-fd message.
* options.h, g10.c (main): Add show-std/standard-notations and
show-user-notations. show-notations is both. Default is to show standard
notations only during verify. Change all callers.
|
parse_keyserver_options now returns a success code.
* keyserver.c (parse_keyserver_options): Return error on failure to parse.
Currently there is no way to fail as any unrecognized options get saved to
be sent to the keyserver plugins later. Check length of keyserver option
tokens since with =arguments we must only match the prefix.
(free_keyserver_spec): Moved code from parse_keyserver_url.
(keyserver_work, keyserver_spawn): Pass in a struct keyserver_spec rather
than using the global keyserver option. (calculate_keyid_fpr): New.
Fills in a KEYDB_SEARCH_DESC for a key. (keyidlist): New implementation
using get_pubkey_bynames rather than searching the keydb directly. If
honor-keyserver-url is set, make up a keyserver_spec and try and fetch
that key directly. Do not include it in the returned keyidlist in that
case.
|
from parse_keyserver_options by calling the generic parse_options.
* keyserver.c (keyserver_spawn, keyserver_refresh), g10.c (main), gpgv.c
(main), mainproc.c (check_sig_and_print), import.c (revocation_present):
Change all callers.
|
keyserver.c (parse_keyserver_uri): Parse keyserver URI into a structure.
Cleanup for new "guess my keyserver" functionality, as well as refreshing
via a preferred keyserver subpacket.
|
--bzip2-compress-lowmem to --bzip2-decompress-lowmem since it applies to
decompression, not compression.
|
(passphrase_to_dek), keyserver.c (print_keyrec): A few more places to use
--keyid-format.
* options.h, g10.c (main), export.c (parse_export_options,
do_export_stream): Remove --export-all and the "include-non-rfc"
export-option as they are no longer meaningful with the removal of v3
Elgamal keys.
|
verify-option show-long-keyids and replace with the more general
keyid-format.
|
replace the list-option (and eventually verify-option) show-long-keyids.
The format can be short, long, 0xshort, and 0xlong.
* keydb.h, keyid.c (keystr, keystrlen): New functions to generate a
printable keyid.
* keyedit.c (print_and_check_one_sig, show_key_with_all_names), keylist.c
(list_keyblock_print): Use new keystr() function here to print keyids.
|